From 890dfc4460d4e971836cf5ebcd7e262167d8277b Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sat, 5 Apr 2025 13:27:04 +0200
Subject: Check integer upper bounds

---
 FICS/playerdb.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'FICS')

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 18c3188..08c4689 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -972,6 +972,9 @@ got_attr_value_player(int p, char *attr, char *value, FILE *fp, char *file)
 		if ((i = atoi(value)) < 0) {
 			warnx("%s: num censor negative", __func__);
 			return -1;
+		} else if (i > MAX_CENSOR) {
+			warnx("%s: num censor too large", __func__);
+			return -1;
 		}
 
 		while (i--) {
@@ -994,6 +997,9 @@ got_attr_value_player(int p, char *attr, char *value, FILE *fp, char *file)
 		if ((i = atoi(value)) < 0) {
 			warnx("%s: num notify negative", __func__);
 			return -1;
+		} else if (i > MAX_NOTIFY) {
+			warnx("%s: num notify too large", __func__);
+			return -1;
 		}
 
 		while (i--) {
-- 
cgit v1.2.3